diff options
Diffstat (limited to 'recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch')
-rw-r--r-- | recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch | 193 |
1 files changed, 0 insertions, 193 deletions
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch deleted file mode 100644 index 1118a6f..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch +++ /dev/null @@ -1,193 +0,0 @@ -From 21e3ca4ec77f9258aa4001f07faac1c4942b48b4 Mon Sep 17 00:00:00 2001 -From: Tudor Ambarus <tudor.ambarus@freescale.com> -Date: Fri, 9 May 2014 17:54:06 +0300 -Subject: [PATCH 18/26] eng_cryptodev: extend TLS offload with - 3des_cbc_hmac_sha1 - -Both obj_mac.h and obj_dat.h were generated using the scripts -from crypto/objects: - -$ cd crypto/objects -$ perl objects.pl objects.txt obj_mac.num obj_mac.h -$ perl obj_dat.pl obj_mac.h obj_dat.h - -Change-Id: I94f13cdd09df67e33e6acd3c00aab47cb358ac46 -Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com> -Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> -Reviewed-on: http://git.am.freescale.net:8181/34001 ---- - crypto/engine/eng_cryptodev.c | 24 ++++++++++++++++++++++++ - crypto/objects/obj_dat.h | 10 +++++++--- - crypto/objects/obj_mac.h | 4 ++++ - crypto/objects/obj_mac.num | 1 + - crypto/objects/objects.txt | 1 + - ssl/ssl_ciph.c | 4 ++++ - 6 files changed, 41 insertions(+), 3 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 79b2678..299e84b 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -135,6 +135,7 @@ static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, - void ENGINE_load_cryptodev(void); - const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1; - const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1; -+const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1; - - inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len) - { -@@ -252,6 +253,7 @@ static struct { - { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, 0}, - { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, 0}, - { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0}, -+ { CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, NID_des_ede3_cbc_hmac_sha1, 8, 24, 20}, - { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20}, - { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20}, - { CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0}, -@@ -466,6 +468,9 @@ cryptodev_usable_ciphers(const int **nids) - case NID_aes_256_cbc_hmac_sha1: - EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); - break; -+ case NID_des_ede3_cbc_hmac_sha1: -+ EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1); -+ break; - } - } - return count; -@@ -571,6 +576,7 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - switch (ctx->cipher->nid) { - case NID_aes_128_cbc_hmac_sha1: - case NID_aes_256_cbc_hmac_sha1: -+ case NID_des_ede3_cbc_hmac_sha1: - cryp.flags = COP_FLAG_AEAD_TLS_TYPE; - } - cryp.ses = sess->ses; -@@ -763,6 +769,7 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, - switch (ctx->cipher->nid) { - case NID_aes_128_cbc_hmac_sha1: - case NID_aes_256_cbc_hmac_sha1: -+ case NID_des_ede3_cbc_hmac_sha1: - maclen = SHA_DIGEST_LENGTH; - } - -@@ -1082,6 +1089,20 @@ const EVP_CIPHER cryptodev_aes_256_cbc = { - NULL - }; - -+const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1 = { -+ NID_des_ede3_cbc_hmac_sha1, -+ 8, 24, 8, -+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, -+ cryptodev_init_aead_key, -+ cryptodev_aead_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ cryptodev_cbc_hmac_sha1_ctrl, -+ NULL -+}; -+ - const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = { - NID_aes_128_cbc_hmac_sha1, - 16, 16, 16, -@@ -1163,6 +1184,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - case NID_aes_256_cbc: - *cipher = &cryptodev_aes_256_cbc; - break; -+ case NID_des_ede3_cbc_hmac_sha1: -+ *cipher = &cryptodev_3des_cbc_hmac_sha1; -+ break; - case NID_aes_128_cbc_hmac_sha1: - *cipher = &cryptodev_aes_128_cbc_hmac_sha1; - break; -diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h -index bc69665..9f2267a 100644 ---- a/crypto/objects/obj_dat.h -+++ b/crypto/objects/obj_dat.h -@@ -62,9 +62,9 @@ - * [including the GNU Public Licence.] - */ - --#define NUM_NID 920 --#define NUM_SN 913 --#define NUM_LN 913 -+#define NUM_NID 921 -+#define NUM_SN 914 -+#define NUM_LN 914 - #define NUM_OBJ 857 - - static const unsigned char lvalues[5974]={ -@@ -2399,6 +2399,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ - {"AES-256-CBC-HMAC-SHA1","aes-256-cbc-hmac-sha1", - NID_aes_256_cbc_hmac_sha1,0,NULL,0}, - {"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5964]),0}, -+{"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1", -+ NID_des_ede3_cbc_hmac_sha1,0,NULL,0}, - }; - - static const unsigned int sn_objs[NUM_SN]={ -@@ -2474,6 +2476,7 @@ static const unsigned int sn_objs[NUM_SN]={ - 62, /* "DES-EDE-OFB" */ - 33, /* "DES-EDE3" */ - 44, /* "DES-EDE3-CBC" */ -+920, /* "DES-EDE3-CBC-HMAC-SHA1" */ - 61, /* "DES-EDE3-CFB" */ - 658, /* "DES-EDE3-CFB1" */ - 659, /* "DES-EDE3-CFB8" */ -@@ -3585,6 +3588,7 @@ static const unsigned int ln_objs[NUM_LN]={ - 62, /* "des-ede-ofb" */ - 33, /* "des-ede3" */ - 44, /* "des-ede3-cbc" */ -+920, /* "des-ede3-cbc-hmac-sha1" */ - 61, /* "des-ede3-cfb" */ - 658, /* "des-ede3-cfb1" */ - 659, /* "des-ede3-cfb8" */ -diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h -index b5ea7cd..8751902 100644 ---- a/crypto/objects/obj_mac.h -+++ b/crypto/objects/obj_mac.h -@@ -4030,3 +4030,7 @@ - #define LN_aes_256_cbc_hmac_sha1 "aes-256-cbc-hmac-sha1" - #define NID_aes_256_cbc_hmac_sha1 918 - -+#define SN_des_ede3_cbc_hmac_sha1 "DES-EDE3-CBC-HMAC-SHA1" -+#define LN_des_ede3_cbc_hmac_sha1 "des-ede3-cbc-hmac-sha1" -+#define NID_des_ede3_cbc_hmac_sha1 920 -+ -diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num -index 1d0a7c8..9d44bb5 100644 ---- a/crypto/objects/obj_mac.num -+++ b/crypto/objects/obj_mac.num -@@ -917,3 +917,4 @@ aes_128_cbc_hmac_sha1 916 - aes_192_cbc_hmac_sha1 917 - aes_256_cbc_hmac_sha1 918 - rsaesOaep 919 -+des_ede3_cbc_hmac_sha1 920 -diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt -index d3bfad7..90d2fc5 100644 ---- a/crypto/objects/objects.txt -+++ b/crypto/objects/objects.txt -@@ -1290,3 +1290,4 @@ kisa 1 6 : SEED-OFB : seed-ofb - : AES-128-CBC-HMAC-SHA1 : aes-128-cbc-hmac-sha1 - : AES-192-CBC-HMAC-SHA1 : aes-192-cbc-hmac-sha1 - : AES-256-CBC-HMAC-SHA1 : aes-256-cbc-hmac-sha1 -+ : DES-EDE3-CBC-HMAC-SHA1 : des-ede3-cbc-hmac-sha1 -diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c -index 8188ff5..310fe76 100644 ---- a/ssl/ssl_ciph.c -+++ b/ssl/ssl_ciph.c -@@ -639,6 +639,10 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, - c->algorithm_mac == SSL_SHA1 && - (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1"))) - *enc = evp, *md = NULL; -+ else if (c->algorithm_enc == SSL_3DES && -+ c->algorithm_mac == SSL_SHA1 && -+ (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1"))) -+ *enc = evp, *md = NULL; - return(1); - } - else --- -2.3.5 - |